After updating puppetmaster cert, unable to fetch node definitions

The puppetmaster cert expired, so i did the typical thing, of blowing away the old ssl dir and doing a reinit.
(as per )

the puppetmaster and foreman run on the same box.

only problem is, after the update every puppet client now complains about

Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: Error 400 on SERVER: Failed to find FQDN via exec: Execution of ‘/etc/puppet/node.rb FQDN’ returned 1:

I could understand if this was on a different box and I needed to copy around CA certs, etc.
But it’s the same box. foreman.yaml already points directly to the freshly created keys, etc under

production/foreman.log says

Started GET “/node/” for at 2019-10-21 16:53:37 -0700
2019-10-21 16:53:37 [I] Processing by HostsController#externalNodes as YML
2019-10-21 16:53:37 [I] Parameters: {“name”=>“”}
2019-10-21 16:53:37 [W] No SSL cert with CN supplied - request from,
2019-10-21 16:53:37 [I] Redirected to
2019-10-21 16:53:37 [I] Filter chain halted as #Proc:0x00000006004f28@/usr/share/foreman/app/controllers/concerns/foreman/controller/smart_proxy_auth.rb:15 rendered or redirected
2019-10-21 16:53:37 [I] Completed 403 Forbidden in 3ms (ActiveRecord: 0.0ms)

What am I supposed to update now?